Computer Security
[EN] securityvulns.ru no-pyccku


dbus-daemon protection bypass
Published:29.02.2008
Source:
SecurityVulns ID:8728
Type:local
Threat Level:
5/10
Description:User can bypass security access policy for some methods.
Affected:DBUS : dbus 1.0
CVE:CVE-2008-0595 (dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.)
Original documentdocumentMANDRIVA, [ MDVSA-2008:054 ] - Updated dbus packages fix vulnerability (29.02.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod